Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi ss198939,
you can check the hit counts by using the below commands
#diag firewall proute list
you have to run the debug flow to check the exact policy route which matches the traffic
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Diagnostic-commands-to-check-the-status-of...
Thanks
Sasikumar.S
Fortigate checks first PBR table, in order, then regular FIB (static/dynamic) table. You could, for example, prevent going to the regular FIB by creating 2 PBR rules - 1st via the actual interface you want it to be routed to, 2nd, after this, PBR rule with the same match but routing traffic to a Loopback interface, which is always on, and this way black holing such traffic when regular interface is down. Not something I did, but thinking out loud.
EDIT: only after the publishing noticed the post is from 2018, but will leave it for future readers anyway.
I think policy route is not good practice. Avoid using it unless it is "really really really" necessary. Use instead static routes, routing protocols, SD-WAN rules.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1522 | |
1020 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.